package com.zz.config;



import javax.annotation.Resource;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.zz.entity.Manager;
import com.zz.repository.ManagerRepository;




public class ShiroRealm extends AuthorizingRealm {

	@Resource
//	public UserRepository UserRepository;
	public ManagerRepository managerRepository;

	/**
	 * 获取用户角色和权限
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {//权限认证，权限不同界面不同
		return null;
	}

	/**
	 * 登录认证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		String name = (String) token.getPrincipal();//用户名
		String password = new String((char[]) token.getCredentials());//进行MD5加密--是不可逆转的，是不可破解的 不能解密
		System.out.println("用户" + name + "认证-----ShiroRealm.doGetAuthenticationInfo");
		Manager manager = managerRepository.findByName(name);
		System.out.println(manager);
		if (manager == null) {
			throw new UnknownAccountException("用户名错误！");
		}
		if (!password.equals(manager.getPwd())) {
			throw new IncorrectCredentialsException("密码错误！");
		}
		SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(manager, password, getName());
		return info;
	}

}